# ref: helm template --release-name traefik --namespace ingress-controller --include-crds traefik/traefik
---
# Source: traefik/crds/hub.traefik.io_accesscontrolpolicies.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: accesscontrolpolicies.hub.traefik.io
spec:
  group: hub.traefik.io
  names:
    kind: AccessControlPolicy
    listKind: AccessControlPolicyList
    plural: accesscontrolpolicies
    singular: accesscontrolpolicy
  scope: Cluster
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: AccessControlPolicy defines an access control policy.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: AccessControlPolicySpec configures an access control policy.
            properties:
              apiKey:
                description: AccessControlPolicyAPIKey configure an APIKey control
                  policy.
                properties:
                  forwardHeaders:
                    additionalProperties:
                      type: string
                    description: ForwardHeaders instructs the middleware to forward
                      key metadata as header values upon successful authentication.
                    type: object
                  keySource:
                    description: KeySource defines how to extract API keys from requests.
                    properties:
                      cookie:
                        description: Cookie is the name of a cookie.
                        type: string
                      header:
                        description: Header is the name of a header.
                        type: string
                      headerAuthScheme:
                        description: |-
                          HeaderAuthScheme sets an optional auth scheme when Header is set to "Authorization".
                          If set, this scheme is removed from the token, and all requests not including it are dropped.
                        type: string
                      query:
                        description: Query is the name of a query parameter.
                        type: string
                    type: object
                  keys:
                    description: Keys define the set of authorized keys to access
                      a protected resource.
                    items:
                      description: AccessControlPolicyAPIKeyKey defines an API key.
                      properties:
                        id:
                          description: ID is the unique identifier of the key.
                          type: string
                        metadata:
                          additionalProperties:
                            type: string
                          description: Metadata holds arbitrary metadata for this
                            key, can be used by ForwardHeaders.
                          type: object
                        value:
                          description: Value is the SHAKE-256 hash (using 64 bytes)
                            of the API key.
                          type: string
                      required:
                      - id
                      - value
                      type: object
                    type: array
                required:
                - keySource
                type: object
              basicAuth:
                description: AccessControlPolicyBasicAuth holds the HTTP basic authentication
                  configuration.
                properties:
                  forwardUsernameHeader:
                    type: string
                  realm:
                    type: string
                  stripAuthorizationHeader:
                    type: boolean
                  users:
                    items:
                      type: string
                    type: array
                type: object
              jwt:
                description: AccessControlPolicyJWT configures a JWT access control
                  policy.
                properties:
                  claims:
                    type: string
                  forwardHeaders:
                    additionalProperties:
                      type: string
                    type: object
                  jwksFile:
                    type: string
                  jwksUrl:
                    type: string
                  publicKey:
                    type: string
                  signingSecret:
                    type: string
                  signingSecretBase64Encoded:
                    type: boolean
                  stripAuthorizationHeader:
                    type: boolean
                  tokenQueryKey:
                    type: string
                type: object
              oAuthIntro:
                description: AccessControlOAuthIntro configures an OAuth 2.0 Token
                  Introspection access control policy.
                properties:
                  claims:
                    type: string
                  clientConfig:
                    description: AccessControlOAuthIntroClientConfig configures the
                      OAuth 2.0 client for issuing token introspection requests.
                    properties:
                      headers:
                        additionalProperties:
                          type: string
                        description: Headers to set when sending requests to the Authorization
                          Server.
                        type: object
                      maxRetries:
                        default: 3
                        description: MaxRetries defines the number of retries for
                          introspection requests.
                        type: integer
                      timeoutSeconds:
                        default: 5
                        description: TimeoutSeconds configures the maximum amount
                          of seconds to wait before giving up on requests.
                        type: integer
                      tls:
                        description: TLS configures TLS communication with the Authorization
                          Server.
                        properties:
                          ca:
                            description: CA sets the CA bundle used to sign the Authorization
                              Server certificate.
                            type: string
                          insecureSkipVerify:
                            description: |-
                              InsecureSkipVerify skips the Authorization Server certificate validation.
                              For testing purposes only, do not use in production.
                            type: boolean
                        type: object
                      tokenTypeHint:
                        description: |-
                          TokenTypeHint is a hint to pass to the Authorization Server.
                          See https://tools.ietf.org/html/rfc7662#section-2.1 for more information.
                        type: string
                      url:
                        description: URL of the Authorization Server.
                        type: string
                    required:
                    - url
                    type: object
                  forwardHeaders:
                    additionalProperties:
                      type: string
                    type: object
                  tokenSource:
                    description: |-
                      TokenSource describes how to extract tokens from HTTP requests.
                      If multiple sources are set, the order is the following: header > query > cookie.
                    properties:
                      cookie:
                        description: Cookie is the name of a cookie.
                        type: string
                      header:
                        description: Header is the name of a header.
                        type: string
                      headerAuthScheme:
                        description: |-
                          HeaderAuthScheme sets an optional auth scheme when Header is set to "Authorization".
                          If set, this scheme is removed from the token, and all requests not including it are dropped.
                        type: string
                      query:
                        description: Query is the name of a query parameter.
                        type: string
                    type: object
                required:
                - clientConfig
                - tokenSource
                type: object
              oidc:
                description: AccessControlPolicyOIDC holds the OIDC authentication
                  configuration.
                properties:
                  authParams:
                    additionalProperties:
                      type: string
                    type: object
                  claims:
                    type: string
                  clientId:
                    type: string
                  disableAuthRedirectionPaths:
                    items:
                      type: string
                    type: array
                  forwardHeaders:
                    additionalProperties:
                      type: string
                    type: object
                  issuer:
                    type: string
                  logoutUrl:
                    type: string
                  redirectUrl:
                    type: string
                  scopes:
                    items:
                      type: string
                    type: array
                  secret:
                    description: |-
                      SecretReference represents a Secret Reference. It has enough information to retrieve secret
                      in any namespace
                    properties:
                      name:
                        description: name is unique within a namespace to reference
                          a secret resource.
                        type: string
                      namespace:
                        description: namespace defines the space within which the
                          secret name must be unique.
                        type: string
                    type: object
                    x-kubernetes-map-type: atomic
                  session:
                    description: Session holds session configuration.
                    properties:
                      domain:
                        type: string
                      path:
                        type: string
                      refresh:
                        type: boolean
                      sameSite:
                        type: string
                      secure:
                        type: boolean
                    type: object
                  stateCookie:
                    description: StateCookie holds state cookie configuration.
                    properties:
                      domain:
                        type: string
                      path:
                        type: string
                      sameSite:
                        type: string
                      secure:
                        type: boolean
                    type: object
                type: object
              oidcGoogle:
                description: AccessControlPolicyOIDCGoogle holds the Google OIDC authentication
                  configuration.
                properties:
                  authParams:
                    additionalProperties:
                      type: string
                    type: object
                  clientId:
                    type: string
                  emails:
                    description: Emails are the allowed emails to connect.
                    items:
                      type: string
                    minItems: 1
                    type: array
                  forwardHeaders:
                    additionalProperties:
                      type: string
                    type: object
                  logoutUrl:
                    type: string
                  redirectUrl:
                    type: string
                  secret:
                    description: |-
                      SecretReference represents a Secret Reference. It has enough information to retrieve secret
                      in any namespace
                    properties:
                      name:
                        description: name is unique within a namespace to reference
                          a secret resource.
                        type: string
                      namespace:
                        description: namespace defines the space within which the
                          secret name must be unique.
                        type: string
                    type: object
                    x-kubernetes-map-type: atomic
                  session:
                    description: Session holds session configuration.
                    properties:
                      domain:
                        type: string
                      path:
                        type: string
                      refresh:
                        type: boolean
                      sameSite:
                        type: string
                      secure:
                        type: boolean
                    type: object
                  stateCookie:
                    description: StateCookie holds state cookie configuration.
                    properties:
                      domain:
                        type: string
                      path:
                        type: string
                      sameSite:
                        type: string
                      secure:
                        type: boolean
                    type: object
                type: object
            type: object
          status:
            description: The current status of this access control policy.
            properties:
              specHash:
                type: string
              syncedAt:
                format: date-time
                type: string
              version:
                type: string
            type: object
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/hub.traefik.io_apiaccesses.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: apiaccesses.hub.traefik.io
spec:
  group: hub.traefik.io
  names:
    kind: APIAccess
    listKind: APIAccessList
    plural: apiaccesses
    singular: apiaccess
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: APIAccess defines who can access to a set of APIs.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: The desired behavior of this APIAccess.
            properties:
              apiSelector:
                description: |-
                  APISelector selects the APIs that will be accessible to the configured audience.
                  Multiple APIAccesses can select the same set of APIs.
                  This field is optional and follows standard label selector semantics.
                  An empty APISelector matches any API.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: |-
                        A label selector requirement is a selector that contains values, a key, and an operator that
                        relates the key and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: |-
                            operator represents a key's relationship to a set of values.
                            Valid operators are In, NotIn, Exists and DoesNotExist.
                          type: string
                        values:
                          description: |-
                            values is an array of string values. If the operator is In or NotIn,
                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
                            the values array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: |-
                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                      map is equivalent to an element of matchExpressions, whose key field is "key", the
                      operator is "In", and the values array contains only "value". The requirements are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              apis:
                description: |-
                  APIs defines a set of APIs that will be accessible to the configured audience.
                  Multiple APIAccesses can select the same APIs.
                  When combined with APISelector, this set of APIs is appended to the matching APIs.
                items:
                  description: APIReference references an API.
                  properties:
                    name:
                      description: Name of the API.
                      maxLength: 253
                      type: string
                  required:
                  - name
                  type: object
                maxItems: 100
                type: array
                x-kubernetes-validations:
                - message: duplicated apis
                  rule: self.all(x, self.exists_one(y, x.name == y.name))
              everyone:
                description: Everyone indicates that all users will have access to
                  the selected APIs.
                type: boolean
              groups:
                description: Groups are the consumer groups that will gain access
                  to the selected APIs.
                items:
                  type: string
                type: array
              operationFilter:
                description: |-
                  OperationFilter specifies the allowed operations on APIs and APIVersions.
                  If not set, all operations are available.
                  An empty OperationFilter prohibits all operations.
                properties:
                  include:
                    description: Include defines the names of OperationSets that will
                      be accessible.
                    items:
                      type: string
                    maxItems: 100
                    type: array
                type: object
            type: object
            x-kubernetes-validations:
            - message: groups and everyone are mutually exclusive
              rule: '(has(self.everyone) && has(self.groups)) ? !(self.everyone &&
                self.groups.size() > 0) : true'
          status:
            description: The current status of this APIAccess.
            properties:
              hash:
                description: Hash is a hash representing the APIAccess.
                type: string
              syncedAt:
                format: date-time
                type: string
              version:
                type: string
            type: object
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/hub.traefik.io_apiportals.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: apiportals.hub.traefik.io
spec:
  group: hub.traefik.io
  names:
    kind: APIPortal
    listKind: APIPortalList
    plural: apiportals
    singular: apiportal
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: APIPortal defines a developer portal for accessing the documentation
          of APIs.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: The desired behavior of this APIPortal.
            properties:
              description:
                description: Description of the APIPortal.
                type: string
              title:
                description: Title is the public facing name of the APIPortal.
                type: string
              trustedUrls:
                description: TrustedURLs are the urls that are trusted by the OAuth
                  2.0 authorization server.
                items:
                  type: string
                maxItems: 1
                minItems: 1
                type: array
                x-kubernetes-validations:
                - message: must be a valid URLs
                  rule: self.all(x, isURL(x))
              ui:
                description: UI holds the UI customization options.
                properties:
                  logoUrl:
                    description: LogoURL is the public URL of the logo.
                    type: string
                type: object
            required:
            - trustedUrls
            type: object
          status:
            description: The current status of this APIPortal.
            properties:
              hash:
                description: Hash is a hash representing the APIPortal.
                type: string
              oidc:
                description: OIDC is the OIDC configuration for accessing the exposed
                  APIPortal WebUI.
                properties:
                  clientId:
                    description: ClientID is the OIDC ClientID for accessing the exposed
                      APIPortal WebUI.
                    type: string
                  issuer:
                    description: Issuer is the OIDC issuer for accessing the exposed
                      APIPortal WebUI.
                    type: string
                  secretName:
                    description: SecretName is the name of the secret containing the
                      OIDC ClientSecret for accessing the exposed APIPortal WebUI.
                    type: string
                type: object
              syncedAt:
                format: date-time
                type: string
              version:
                type: string
            type: object
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/hub.traefik.io_apiratelimits.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: apiratelimits.hub.traefik.io
spec:
  group: hub.traefik.io
  names:
    kind: APIRateLimit
    listKind: APIRateLimitList
    plural: apiratelimits
    singular: apiratelimit
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: APIRateLimit defines how group of consumers are rate limited
          on a set of APIs.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: The desired behavior of this APIRateLimit.
            properties:
              apiSelector:
                description: |-
                  APISelector selects the APIs that will be rate limited.
                  Multiple APIRateLimits can select the same set of APIs.
                  This field is optional and follows standard label selector semantics.
                  An empty APISelector matches any API.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: |-
                        A label selector requirement is a selector that contains values, a key, and an operator that
                        relates the key and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: |-
                            operator represents a key's relationship to a set of values.
                            Valid operators are In, NotIn, Exists and DoesNotExist.
                          type: string
                        values:
                          description: |-
                            values is an array of string values. If the operator is In or NotIn,
                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
                            the values array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: |-
                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                      map is equivalent to an element of matchExpressions, whose key field is "key", the
                      operator is "In", and the values array contains only "value". The requirements are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              apis:
                description: |-
                  APIs defines a set of APIs that will be rate limited.
                  Multiple APIRateLimits can select the same APIs.
                  When combined with APISelector, this set of APIs is appended to the matching APIs.
                items:
                  description: APIReference references an API.
                  properties:
                    name:
                      description: Name of the API.
                      maxLength: 253
                      type: string
                  required:
                  - name
                  type: object
                maxItems: 100
                type: array
                x-kubernetes-validations:
                - message: duplicated apis
                  rule: self.all(x, self.exists_one(y, x.name == y.name))
              everyone:
                description: |-
                  Everyone indicates that all users will, by default, be rate limited with this configuration.
                  If an APIRateLimit explicitly target a group, the default rate limit will be ignored.
                type: boolean
              groups:
                description: |-
                  Groups are the consumer groups that will be rate limited.
                  Multiple APIRateLimits can target the same set of consumer groups, the most restrictive one applies.
                  When a consumer belongs to multiple groups, the least restrictive APIRateLimit applies.
                items:
                  type: string
                type: array
              limit:
                description: Limit is the maximum number of token in the bucket.
                type: integer
                x-kubernetes-validations:
                - message: must be a positive number
                  rule: self >= 0
              period:
                description: Period is the unit of time for the Limit.
                format: duration
                type: string
                x-kubernetes-validations:
                - message: must be between 1s and 1h
                  rule: self >= duration('1s') && self <= duration('1h')
              strategy:
                description: |-
                  Strategy defines how the bucket state will be synchronized between the different Traefik Hub instances.
                  It can be, either "local" or "distributed".
                enum:
                - local
                - distributed
                type: string
            required:
            - limit
            type: object
            x-kubernetes-validations:
            - message: groups and everyone are mutually exclusive
              rule: '(has(self.everyone) && has(self.groups)) ? !(self.everyone &&
                self.groups.size() > 0) : true'
          status:
            description: The current status of this APIRateLimit.
            properties:
              hash:
                description: Hash is a hash representing the APIRateLimit.
                type: string
              syncedAt:
                format: date-time
                type: string
              version:
                type: string
            type: object
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/hub.traefik.io_apis.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: apis.hub.traefik.io
spec:
  group: hub.traefik.io
  names:
    kind: API
    listKind: APIList
    plural: apis
    singular: api
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          API defines an HTTP interface that is exposed to external clients. It specifies the supported versions
          and provides instructions for accessing its documentation. Once instantiated, an API object is associated
          with an Ingress, IngressRoute, or HTTPRoute resource, enabling the exposure of the described API to the outside world.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: APISpec describes the API.
            properties:
              openApiSpec:
                description: OpenAPISpec defines the API contract as an OpenAPI specification.
                properties:
                  operationSets:
                    description: OperationSets defines the sets of operations to be
                      referenced for granular filtering in APIAccesses.
                    items:
                      description: |-
                        OperationSet gives a name to a set of matching OpenAPI operations.
                        This set of operations can then be referenced for granular filtering in APIAccesses.
                      properties:
                        matchers:
                          description: Matchers defines a list of alternative rules
                            for matching OpenAPI operations.
                          items:
                            description: OperationMatcher defines criteria for matching
                              an OpenAPI operation.
                            minProperties: 1
                            properties:
                              methods:
                                description: Methods specifies the HTTP methods to
                                  be included for selection.
                                items:
                                  type: string
                                maxItems: 10
                                type: array
                              path:
                                description: Path specifies the exact path of the
                                  operations to select.
                                maxLength: 255
                                type: string
                                x-kubernetes-validations:
                                - message: must start with a '/'
                                  rule: self.startsWith('/')
                                - message: cannot contains '../'
                                  rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")'
                              pathPrefix:
                                description: PathPrefix specifies the path prefix
                                  of the operations to select.
                                maxLength: 255
                                type: string
                                x-kubernetes-validations:
                                - message: must start with a '/'
                                  rule: self.startsWith('/')
                                - message: cannot contains '../'
                                  rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")'
                              pathRegex:
                                description: PathRegex specifies a regular expression
                                  pattern for matching operations based on their paths.
                                type: string
                            type: object
                            x-kubernetes-validations:
                            - message: path, pathPrefix and pathRegex are mutually
                                exclusive
                              rule: '[has(self.path), has(self.pathPrefix), has(self.pathRegex)].filter(x,
                                x).size() <= 1'
                          maxItems: 100
                          minItems: 1
                          type: array
                        name:
                          description: Name is the name of the OperationSet to reference
                            in APIAccesses.
                          maxLength: 253
                          type: string
                      required:
                      - matchers
                      - name
                      type: object
                    maxItems: 100
                    type: array
                  override:
                    description: Override holds data used to override OpenAPI specification.
                    properties:
                      servers:
                        items:
                          properties:
                            url:
                              type: string
                              x-kubernetes-validations:
                              - message: must be a valid URL
                                rule: isURL(self)
                          required:
                          - url
                          type: object
                        maxItems: 100
                        minItems: 1
                        type: array
                    required:
                    - servers
                    type: object
                  path:
                    description: |-
                      Path specifies the endpoint path within the Kubernetes Service where the OpenAPI specification can be obtained.
                      The Service queried is determined by the associated Ingress, IngressRoute, or HTTPRoute resource to which the API is attached.
                      It's important to note that this option is incompatible if the Ingress or IngressRoute specifies multiple backend services.
                      The Path must be accessible via a GET request method and should serve a YAML or JSON document containing the OpenAPI specification.
                    maxLength: 255
                    type: string
                    x-kubernetes-validations:
                    - message: must start with a '/'
                      rule: self.startsWith('/')
                    - message: cannot contains '../'
                      rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")'
                  url:
                    description: |-
                      URL is a Traefik Hub agent accessible URL for obtaining the OpenAPI specification.
                      The URL must be accessible via a GET request method and should serve a YAML or JSON document containing the OpenAPI specification.
                    type: string
                    x-kubernetes-validations:
                    - message: must be a valid URL
                      rule: isURL(self)
                type: object
                x-kubernetes-validations:
                - message: path or url must be defined
                  rule: has(self.path) || has(self.url)
              versions:
                description: Versions are the different APIVersions available.
                items:
                  description: APIVersionRef references an APIVersion.
                  properties:
                    name:
                      description: Name of the APIVersion.
                      maxLength: 253
                      type: string
                  required:
                  - name
                  type: object
                maxItems: 100
                minItems: 1
                type: array
            type: object
          status:
            description: The current status of this API.
            properties:
              hash:
                description: Hash is a hash representing the API.
                type: string
              syncedAt:
                format: date-time
                type: string
              version:
                type: string
            type: object
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/hub.traefik.io_apiversions.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: apiversions.hub.traefik.io
spec:
  group: hub.traefik.io
  names:
    kind: APIVersion
    listKind: APIVersionList
    plural: apiversions
    singular: apiversion
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.title
      name: Title
      type: string
    - jsonPath: .spec.release
      name: Release
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: APIVersion defines a version of an API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: The desired behavior of this APIVersion.
            properties:
              openApiSpec:
                description: OpenAPISpec defines the API contract as an OpenAPI specification.
                properties:
                  operationSets:
                    description: OperationSets defines the sets of operations to be
                      referenced for granular filtering in APIAccesses.
                    items:
                      description: |-
                        OperationSet gives a name to a set of matching OpenAPI operations.
                        This set of operations can then be referenced for granular filtering in APIAccesses.
                      properties:
                        matchers:
                          description: Matchers defines a list of alternative rules
                            for matching OpenAPI operations.
                          items:
                            description: OperationMatcher defines criteria for matching
                              an OpenAPI operation.
                            minProperties: 1
                            properties:
                              methods:
                                description: Methods specifies the HTTP methods to
                                  be included for selection.
                                items:
                                  type: string
                                maxItems: 10
                                type: array
                              path:
                                description: Path specifies the exact path of the
                                  operations to select.
                                maxLength: 255
                                type: string
                                x-kubernetes-validations:
                                - message: must start with a '/'
                                  rule: self.startsWith('/')
                                - message: cannot contains '../'
                                  rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")'
                              pathPrefix:
                                description: PathPrefix specifies the path prefix
                                  of the operations to select.
                                maxLength: 255
                                type: string
                                x-kubernetes-validations:
                                - message: must start with a '/'
                                  rule: self.startsWith('/')
                                - message: cannot contains '../'
                                  rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")'
                              pathRegex:
                                description: PathRegex specifies a regular expression
                                  pattern for matching operations based on their paths.
                                type: string
                            type: object
                            x-kubernetes-validations:
                            - message: path, pathPrefix and pathRegex are mutually
                                exclusive
                              rule: '[has(self.path), has(self.pathPrefix), has(self.pathRegex)].filter(x,
                                x).size() <= 1'
                          maxItems: 100
                          minItems: 1
                          type: array
                        name:
                          description: Name is the name of the OperationSet to reference
                            in APIAccesses.
                          maxLength: 253
                          type: string
                      required:
                      - matchers
                      - name
                      type: object
                    maxItems: 100
                    type: array
                  override:
                    description: Override holds data used to override OpenAPI specification.
                    properties:
                      servers:
                        items:
                          properties:
                            url:
                              type: string
                              x-kubernetes-validations:
                              - message: must be a valid URL
                                rule: isURL(self)
                          required:
                          - url
                          type: object
                        maxItems: 100
                        minItems: 1
                        type: array
                    required:
                    - servers
                    type: object
                  path:
                    description: |-
                      Path specifies the endpoint path within the Kubernetes Service where the OpenAPI specification can be obtained.
                      The Service queried is determined by the associated Ingress, IngressRoute, or HTTPRoute resource to which the API is attached.
                      It's important to note that this option is incompatible if the Ingress or IngressRoute specifies multiple backend services.
                      The Path must be accessible via a GET request method and should serve a YAML or JSON document containing the OpenAPI specification.
                    maxLength: 255
                    type: string
                    x-kubernetes-validations:
                    - message: must start with a '/'
                      rule: self.startsWith('/')
                    - message: cannot contains '../'
                      rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")'
                  url:
                    description: |-
                      URL is a Traefik Hub agent accessible URL for obtaining the OpenAPI specification.
                      The URL must be accessible via a GET request method and should serve a YAML or JSON document containing the OpenAPI specification.
                    type: string
                    x-kubernetes-validations:
                    - message: must be a valid URL
                      rule: isURL(self)
                type: object
                x-kubernetes-validations:
                - message: path or url must be defined
                  rule: has(self.path) || has(self.url)
              release:
                description: |-
                  Release is the version number of the API.
                  This value must follow the SemVer format: https://semver.org/
                maxLength: 100
                type: string
                x-kubernetes-validations:
                - message: must be a valid semver version
                  rule: self.matches(r"""^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$""")
              title:
                description: Title is the public facing name of the APIVersion.
                type: string
            required:
            - release
            type: object
          status:
            description: The current status of this APIVersion.
            properties:
              hash:
                description: Hash is a hash representing the APIVersion.
                type: string
              syncedAt:
                format: date-time
                type: string
              version:
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources: {}

---
# Source: traefik/crds/hub.traefik.io_edgeingresses.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  name: edgeingresses.hub.traefik.io
spec:
  group: hub.traefik.io
  names:
    kind: EdgeIngress
    listKind: EdgeIngressList
    plural: edgeingresses
    singular: edgeingress
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.service.name
      name: Service
      type: string
    - jsonPath: .spec.service.port
      name: Port
      type: string
    - jsonPath: .spec.acp.name
      name: ACP
      priority: 1
      type: string
    - jsonPath: .status.urls
      name: URLs
      type: string
    - jsonPath: .status.connection
      name: Connection
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: EdgeIngress defines an edge ingress.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: The desired behavior of this edge ingress.
            properties:
              acp:
                description: EdgeIngressACP configures the ACP to use on the Ingress.
                properties:
                  name:
                    type: string
                required:
                - name
                type: object
              customDomains:
                description: CustomDomains are the custom domains for accessing the
                  exposed service.
                items:
                  type: string
                type: array
              service:
                description: EdgeIngressService configures the service to exposed
                  on the edge.
                properties:
                  name:
                    type: string
                  port:
                    type: integer
                required:
                - name
                - port
                type: object
            required:
            - service
            type: object
          status:
            description: The current status of this edge ingress.
            properties:
              connection:
                description: Connection is the status of the underlying connection
                  to the edge.
                type: string
              customDomains:
                description: CustomDomains are the custom domains for accessing the
                  exposed service.
                items:
                  type: string
                type: array
              domain:
                description: Domain is the Domain for accessing the exposed service.
                type: string
              specHash:
                description: SpecHash is a hash representing the EdgeIngressSpec
                type: string
              syncedAt:
                format: date-time
                type: string
              urls:
                description: URLs is the list of coma separated URL for accessing
                  the exposed service.
                type: string
              version:
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources: {}

---
# Source: traefik/crds/traefik.io_ingressroutes.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: ingressroutes.traefik.io
spec:
  group: traefik.io
  names:
    kind: IngressRoute
    listKind: IngressRouteList
    plural: ingressroutes
    singular: ingressroute
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: IngressRouteSpec defines the desired state of IngressRoute.
            properties:
              entryPoints:
                description: |-
                  EntryPoints defines the list of entry point names to bind to.
                  Entry points have to be configured in the static configuration.
                  More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
                  Default: all.
                items:
                  type: string
                type: array
              routes:
                description: Routes defines the list of routes.
                items:
                  description: Route holds the HTTP route configuration.
                  properties:
                    kind:
                      description: |-
                        Kind defines the kind of the route.
                        Rule is the only supported kind.
                      enum:
                      - Rule
                      type: string
                    match:
                      description: |-
                        Match defines the router's rule.
                        More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule
                      type: string
                    middlewares:
                      description: |-
                        Middlewares defines the list of references to Middleware resources.
                        More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware
                      items:
                        description: MiddlewareRef is a reference to a Middleware
                          resource.
                        properties:
                          name:
                            description: Name defines the name of the referenced Middleware
                              resource.
                            type: string
                          namespace:
                            description: Namespace defines the namespace of the referenced
                              Middleware resource.
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                    priority:
                      description: |-
                        Priority defines the router's priority.
                        More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority
                      type: integer
                    services:
                      description: |-
                        Services defines the list of Service.
                        It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
                      items:
                        description: Service defines an upstream HTTP service to proxy
                          traffic to.
                        properties:
                          kind:
                            description: Kind defines the kind of the Service.
                            enum:
                            - Service
                            - TraefikService
                            type: string
                          name:
                            description: |-
                              Name defines the name of the referenced Kubernetes Service or TraefikService.
                              The differentiation between the two is specified in the Kind field.
                            type: string
                          namespace:
                            description: Namespace defines the namespace of the referenced
                              Kubernetes Service or TraefikService.
                            type: string
                          nativeLB:
                            description: |-
                              NativeLB controls, when creating the load-balancer,
                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
                              The Kubernetes Service itself does load-balance to the pods.
                              By default, NativeLB is false.
                            type: boolean
                          passHostHeader:
                            description: |-
                              PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                              By default, passHostHeader is true.
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            description: |-
                              Port defines the port of a Kubernetes Service.
                              This can be a reference to a named port.
                            x-kubernetes-int-or-string: true
                          responseForwarding:
                            description: ResponseForwarding defines how Traefik forwards
                              the response from the upstream Kubernetes Service to
                              the client.
                            properties:
                              flushInterval:
                                description: |-
                                  FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
                                  A negative value means to flush immediately after each write to the client.
                                  This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
                                  for such responses, writes are flushed to the client immediately.
                                  Default: 100ms
                                type: string
                            type: object
                          scheme:
                            description: |-
                              Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
                              It defaults to https when Kubernetes Service port is 443, http otherwise.
                            type: string
                          serversTransport:
                            description: |-
                              ServersTransport defines the name of ServersTransport resource to use.
                              It allows to configure the transport between Traefik and your servers.
                              Can only be used on a Kubernetes Service.
                            type: string
                          sticky:
                            description: |-
                              Sticky defines the sticky sessions configuration.
                              More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
                            properties:
                              cookie:
                                description: Cookie defines the sticky cookie configuration.
                                properties:
                                  httpOnly:
                                    description: HTTPOnly defines whether the cookie
                                      can be accessed by client-side APIs, such as
                                      JavaScript.
                                    type: boolean
                                  maxAge:
                                    description: |-
                                      MaxAge indicates the number of seconds until the cookie expires.
                                      When set to a negative number, the cookie expires immediately.
                                      When set to zero, the cookie never expires.
                                    type: integer
                                  name:
                                    description: Name defines the Cookie name.
                                    type: string
                                  sameSite:
                                    description: |-
                                      SameSite defines the same site policy.
                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                    type: string
                                  secure:
                                    description: Secure defines whether the cookie
                                      can only be transmitted over an encrypted connection
                                      (i.e. HTTPS).
                                    type: boolean
                                type: object
                            type: object
                          strategy:
                            description: |-
                              Strategy defines the load balancing strategy between the servers.
                              RoundRobin is the only supported value at the moment.
                            type: string
                          weight:
                            description: |-
                              Weight defines the weight and should only be specified when Name references a TraefikService object
                              (and to be precise, one that embeds a Weighted Round Robin).
                            type: integer
                        required:
                        - name
                        type: object
                      type: array
                    syntax:
                      description: |-
                        Syntax defines the router's rule syntax.
                        More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax
                      type: string
                  required:
                  - kind
                  - match
                  type: object
                type: array
              tls:
                description: |-
                  TLS defines the TLS configuration.
                  More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls
                properties:
                  certResolver:
                    description: |-
                      CertResolver defines the name of the certificate resolver to use.
                      Cert resolvers have to be configured in the static configuration.
                      More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
                    type: string
                  domains:
                    description: |-
                      Domains defines the list of domains that will be used to issue certificates.
                      More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
                          description: Main defines the main domain name.
                          type: string
                        sans:
                          description: SANs defines the subject alternative domain
                            names.
                          items:
                            type: string
                          type: array
                      type: object
                    type: array
                  options:
                    description: |-
                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                      If not defined, the `default` TLSOption is used.
                      More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
                    properties:
                      name:
                        description: |-
                          Name defines the name of the referenced TLSOption.
                          More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
                        type: string
                      namespace:
                        description: |-
                          Namespace defines the namespace of the referenced TLSOption.
                          More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
                        type: string
                    required:
                    - name
                    type: object
                  secretName:
                    description: SecretName is the name of the referenced Kubernetes
                      Secret to specify the certificate details.
                    type: string
                  store:
                    description: |-
                      Store defines the reference to the TLSStore, that will be used to store certificates.
                      Please note that only `default` TLSStore can be used.
                    properties:
                      name:
                        description: |-
                          Name defines the name of the referenced TLSStore.
                          More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
                        type: string
                      namespace:
                        description: |-
                          Namespace defines the namespace of the referenced TLSStore.
                          More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
                        type: string
                    required:
                    - name
                    type: object
                type: object
            required:
            - routes
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/traefik.io_ingressroutetcps.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: ingressroutetcps.traefik.io
spec:
  group: traefik.io
  names:
    kind: IngressRouteTCP
    listKind: IngressRouteTCPList
    plural: ingressroutetcps
    singular: ingressroutetcp
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
            properties:
              entryPoints:
                description: |-
                  EntryPoints defines the list of entry point names to bind to.
                  Entry points have to be configured in the static configuration.
                  More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
                  Default: all.
                items:
                  type: string
                type: array
              routes:
                description: Routes defines the list of routes.
                items:
                  description: RouteTCP holds the TCP route configuration.
                  properties:
                    match:
                      description: |-
                        Match defines the router's rule.
                        More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1
                      type: string
                    middlewares:
                      description: Middlewares defines the list of references to MiddlewareTCP
                        resources.
                      items:
                        description: ObjectReference is a generic reference to a Traefik
                          resource.
                        properties:
                          name:
                            description: Name defines the name of the referenced Traefik
                              resource.
                            type: string
                          namespace:
                            description: Namespace defines the namespace of the referenced
                              Traefik resource.
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                    priority:
                      description: |-
                        Priority defines the router's priority.
                        More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1
                      type: integer
                    services:
                      description: Services defines the list of TCP services.
                      items:
                        description: ServiceTCP defines an upstream TCP service to
                          proxy traffic to.
                        properties:
                          name:
                            description: Name defines the name of the referenced Kubernetes
                              Service.
                            type: string
                          namespace:
                            description: Namespace defines the namespace of the referenced
                              Kubernetes Service.
                            type: string
                          nativeLB:
                            description: |-
                              NativeLB controls, when creating the load-balancer,
                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
                              The Kubernetes Service itself does load-balance to the pods.
                              By default, NativeLB is false.
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            description: |-
                              Port defines the port of a Kubernetes Service.
                              This can be a reference to a named port.
                            x-kubernetes-int-or-string: true
                          proxyProtocol:
                            description: |-
                              ProxyProtocol defines the PROXY protocol configuration.
                              More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
                            properties:
                              version:
                                description: Version defines the PROXY Protocol version
                                  to use.
                                type: integer
                            type: object
                          serversTransport:
                            description: |-
                              ServersTransport defines the name of ServersTransportTCP resource to use.
                              It allows to configure the transport between Traefik and your servers.
                              Can only be used on a Kubernetes Service.
                            type: string
                          terminationDelay:
                            description: |-
                              TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
                              it has closed the writing capability of its connection, to close the reading capability as well,
                              hence fully terminating the connection.
                              It is a duration in milliseconds, defaulting to 100.
                              A negative value means an infinite deadline (i.e. the reading capability is never closed).
                              Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead.
                            type: integer
                          tls:
                            description: TLS determines whether to use TLS when dialing
                              with the backend.
                            type: boolean
                          weight:
                            description: Weight defines the weight used when balancing
                              requests between multiple Kubernetes Service.
                            type: integer
                        required:
                        - name
                        - port
                        type: object
                      type: array
                    syntax:
                      description: |-
                        Syntax defines the router's rule syntax.
                        More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1
                      type: string
                  required:
                  - match
                  type: object
                type: array
              tls:
                description: |-
                  TLS defines the TLS configuration on a layer 4 / TCP Route.
                  More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1
                properties:
                  certResolver:
                    description: |-
                      CertResolver defines the name of the certificate resolver to use.
                      Cert resolvers have to be configured in the static configuration.
                      More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
                    type: string
                  domains:
                    description: |-
                      Domains defines the list of domains that will be used to issue certificates.
                      More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
                        main:
                          description: Main defines the main domain name.
                          type: string
                        sans:
                          description: SANs defines the subject alternative domain
                            names.
                          items:
                            type: string
                          type: array
                      type: object
                    type: array
                  options:
                    description: |-
                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                      If not defined, the `default` TLSOption is used.
                      More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
                          resource.
                        type: string
                      namespace:
                        description: Namespace defines the namespace of the referenced
                          Traefik resource.
                        type: string
                    required:
                    - name
                    type: object
                  passthrough:
                    description: Passthrough defines whether a TLS router will terminate
                      the TLS connection.
                    type: boolean
                  secretName:
                    description: SecretName is the name of the referenced Kubernetes
                      Secret to specify the certificate details.
                    type: string
                  store:
                    description: |-
                      Store defines the reference to the TLSStore, that will be used to store certificates.
                      Please note that only `default` TLSStore can be used.
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
                          resource.
                        type: string
                      namespace:
                        description: Namespace defines the namespace of the referenced
                          Traefik resource.
                        type: string
                    required:
                    - name
                    type: object
                type: object
            required:
            - routes
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/traefik.io_ingressrouteudps.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: ingressrouteudps.traefik.io
spec:
  group: traefik.io
  names:
    kind: IngressRouteUDP
    listKind: IngressRouteUDPList
    plural: ingressrouteudps
    singular: ingressrouteudp
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
            properties:
              entryPoints:
                description: |-
                  EntryPoints defines the list of entry point names to bind to.
                  Entry points have to be configured in the static configuration.
                  More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
                  Default: all.
                items:
                  type: string
                type: array
              routes:
                description: Routes defines the list of routes.
                items:
                  description: RouteUDP holds the UDP route configuration.
                  properties:
                    services:
                      description: Services defines the list of UDP services.
                      items:
                        description: ServiceUDP defines an upstream UDP service to
                          proxy traffic to.
                        properties:
                          name:
                            description: Name defines the name of the referenced Kubernetes
                              Service.
                            type: string
                          namespace:
                            description: Namespace defines the namespace of the referenced
                              Kubernetes Service.
                            type: string
                          nativeLB:
                            description: |-
                              NativeLB controls, when creating the load-balancer,
                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
                              The Kubernetes Service itself does load-balance to the pods.
                              By default, NativeLB is false.
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
                            description: |-
                              Port defines the port of a Kubernetes Service.
                              This can be a reference to a named port.
                            x-kubernetes-int-or-string: true
                          weight:
                            description: Weight defines the weight used when balancing
                              requests between multiple Kubernetes Service.
                            type: integer
                        required:
                        - name
                        - port
                        type: object
                      type: array
                  type: object
                type: array
            required:
            - routes
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/traefik.io_middlewares.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: middlewares.traefik.io
spec:
  group: traefik.io
  names:
    kind: Middleware
    listKind: MiddlewareList
    plural: middlewares
    singular: middleware
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          Middleware is the CRD implementation of a Traefik Middleware.
          More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: MiddlewareSpec defines the desired state of a Middleware.
            properties:
              addPrefix:
                description: |-
                  AddPrefix holds the add prefix middleware configuration.
                  This middleware updates the path of a request before forwarding it.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
                properties:
                  prefix:
                    description: |-
                      Prefix is the string to add before the current path in the requested URL.
                      It should include a leading slash (/).
                    type: string
                type: object
              basicAuth:
                description: |-
                  BasicAuth holds the basic auth middleware configuration.
                  This middleware restricts access to your services to known users.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
                properties:
                  headerField:
                    description: |-
                      HeaderField defines a header field to store the authenticated user.
                      More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
                    type: string
                  realm:
                    description: |-
                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
                      Default: traefik.
                    type: string
                  removeHeader:
                    description: |-
                      RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
                      Default: false.
                    type: boolean
                  secret:
                    description: Secret is the name of the referenced Kubernetes Secret
                      containing user credentials.
                    type: string
                type: object
              buffering:
                description: |-
                  Buffering holds the buffering middleware configuration.
                  This middleware retries or limits the size of requests that can be forwarded to backends.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
                properties:
                  maxRequestBodyBytes:
                    description: |-
                      MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
                      If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
                      Default: 0 (no maximum).
                    format: int64
                    type: integer
                  maxResponseBodyBytes:
                    description: |-
                      MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
                      If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
                      Default: 0 (no maximum).
                    format: int64
                    type: integer
                  memRequestBodyBytes:
                    description: |-
                      MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
                      Default: 1048576 (1Mi).
                    format: int64
                    type: integer
                  memResponseBodyBytes:
                    description: |-
                      MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
                      Default: 1048576 (1Mi).
                    format: int64
                    type: integer
                  retryExpression:
                    description: |-
                      RetryExpression defines the retry conditions.
                      It is a logical combination of functions with operators AND (&&) and OR (||).
                      More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression
                    type: string
                type: object
              chain:
                description: |-
                  Chain holds the configuration of the chain middleware.
                  This middleware enables to define reusable combinations of other pieces of middleware.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
                properties:
                  middlewares:
                    description: Middlewares is the list of MiddlewareRef which composes
                      the chain.
                    items:
                      description: MiddlewareRef is a reference to a Middleware resource.
                      properties:
                        name:
                          description: Name defines the name of the referenced Middleware
                            resource.
                          type: string
                        namespace:
                          description: Namespace defines the namespace of the referenced
                            Middleware resource.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                type: object
              circuitBreaker:
                description: CircuitBreaker holds the circuit breaker configuration.
                properties:
                  checkPeriod:
                    anyOf:
                    - type: integer
                    - type: string
                    description: CheckPeriod is the interval between successive checks
                      of the circuit breaker condition (when in standby state).
                    x-kubernetes-int-or-string: true
                  expression:
                    description: Expression is the condition that triggers the tripped
                      state.
                    type: string
                  fallbackDuration:
                    anyOf:
                    - type: integer
                    - type: string
                    description: FallbackDuration is the duration for which the circuit
                      breaker will wait before trying to recover (from a tripped state).
                    x-kubernetes-int-or-string: true
                  recoveryDuration:
                    anyOf:
                    - type: integer
                    - type: string
                    description: RecoveryDuration is the duration for which the circuit
                      breaker will try to recover (as soon as it is in recovering
                      state).
                    x-kubernetes-int-or-string: true
                type: object
              compress:
                description: |-
                  Compress holds the compress middleware configuration.
                  This middleware compresses responses before sending them to the client, using gzip compression.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
                properties:
                  excludedContentTypes:
                    description: |-
                      ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
                      `application/grpc` is always excluded.
                    items:
                      type: string
                    type: array
                  includedContentTypes:
                    description: IncludedContentTypes defines the list of content
                      types to compare the Content-Type header of the responses before
                      compressing.
                    items:
                      type: string
                    type: array
                  minResponseBodyBytes:
                    description: |-
                      MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
                      Default: 1024.
                    type: integer
                type: object
              contentType:
                description: |-
                  ContentType holds the content-type middleware configuration.
                  This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
                properties:
                  autoDetect:
                    description: |-
                      AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
                      be automatically set to a value derived from the contents of the response.
                      Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
                    type: boolean
                type: object
              digestAuth:
                description: |-
                  DigestAuth holds the digest auth middleware configuration.
                  This middleware restricts access to your services to known users.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
                properties:
                  headerField:
                    description: |-
                      HeaderField defines a header field to store the authenticated user.
                      More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
                    type: string
                  realm:
                    description: |-
                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
                      Default: traefik.
                    type: string
                  removeHeader:
                    description: RemoveHeader defines whether to remove the authorization
                      header before forwarding the request to the backend.
                    type: boolean
                  secret:
                    description: Secret is the name of the referenced Kubernetes Secret
                      containing user credentials.
                    type: string
                type: object
              errors:
                description: |-
                  ErrorPage holds the custom error middleware configuration.
                  This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
                properties:
                  query:
                    description: |-
                      Query defines the URL for the error page (hosted by service).
                      The {status} variable can be used in order to insert the status code in the URL.
                    type: string
                  service:
                    description: |-
                      Service defines the reference to a Kubernetes Service that will serve the error page.
                      More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
                    properties:
                      kind:
                        description: Kind defines the kind of the Service.
                        enum:
                        - Service
                        - TraefikService
                        type: string
                      name:
                        description: |-
                          Name defines the name of the referenced Kubernetes Service or TraefikService.
                          The differentiation between the two is specified in the Kind field.
                        type: string
                      namespace:
                        description: Namespace defines the namespace of the referenced
                          Kubernetes Service or TraefikService.
                        type: string
                      nativeLB:
                        description: |-
                          NativeLB controls, when creating the load-balancer,
                          whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
                          The Kubernetes Service itself does load-balance to the pods.
                          By default, NativeLB is false.
                        type: boolean
                      passHostHeader:
                        description: |-
                          PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                          By default, passHostHeader is true.
                        type: boolean
                      port:
                        anyOf:
                        - type: integer
                        - type: string
                        description: |-
                          Port defines the port of a Kubernetes Service.
                          This can be a reference to a named port.
                        x-kubernetes-int-or-string: true
                      responseForwarding:
                        description: ResponseForwarding defines how Traefik forwards
                          the response from the upstream Kubernetes Service to the
                          client.
                        properties:
                          flushInterval:
                            description: |-
                              FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
                              A negative value means to flush immediately after each write to the client.
                              This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
                              for such responses, writes are flushed to the client immediately.
                              Default: 100ms
                            type: string
                        type: object
                      scheme:
                        description: |-
                          Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
                          It defaults to https when Kubernetes Service port is 443, http otherwise.
                        type: string
                      serversTransport:
                        description: |-
                          ServersTransport defines the name of ServersTransport resource to use.
                          It allows to configure the transport between Traefik and your servers.
                          Can only be used on a Kubernetes Service.
                        type: string
                      sticky:
                        description: |-
                          Sticky defines the sticky sessions configuration.
                          More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
                        properties:
                          cookie:
                            description: Cookie defines the sticky cookie configuration.
                            properties:
                              httpOnly:
                                description: HTTPOnly defines whether the cookie can
                                  be accessed by client-side APIs, such as JavaScript.
                                type: boolean
                              maxAge:
                                description: |-
                                  MaxAge indicates the number of seconds until the cookie expires.
                                  When set to a negative number, the cookie expires immediately.
                                  When set to zero, the cookie never expires.
                                type: integer
                              name:
                                description: Name defines the Cookie name.
                                type: string
                              sameSite:
                                description: |-
                                  SameSite defines the same site policy.
                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                type: string
                              secure:
                                description: Secure defines whether the cookie can
                                  only be transmitted over an encrypted connection
                                  (i.e. HTTPS).
                                type: boolean
                            type: object
                        type: object
                      strategy:
                        description: |-
                          Strategy defines the load balancing strategy between the servers.
                          RoundRobin is the only supported value at the moment.
                        type: string
                      weight:
                        description: |-
                          Weight defines the weight and should only be specified when Name references a TraefikService object
                          (and to be precise, one that embeds a Weighted Round Robin).
                        type: integer
                    required:
                    - name
                    type: object
                  status:
                    description: |-
                      Status defines which status or range of statuses should result in an error page.
                      It can be either a status code as a number (500),
                      as multiple comma-separated numbers (500,502),
                      as ranges by separating two codes with a dash (500-599),
                      or a combination of the two (404,418,500-599).
                    items:
                      type: string
                    type: array
                type: object
              forwardAuth:
                description: |-
                  ForwardAuth holds the forward auth middleware configuration.
                  This middleware delegates the request authentication to a Service.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
                properties:
                  addAuthCookiesToResponse:
                    description: AddAuthCookiesToResponse defines the list of cookies
                      to copy from the authentication server response to the response.
                    items:
                      type: string
                    type: array
                  address:
                    description: Address defines the authentication server address.
                    type: string
                  authRequestHeaders:
                    description: |-
                      AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
                      If not set or empty then all request headers are passed.
                    items:
                      type: string
                    type: array
                  authResponseHeaders:
                    description: AuthResponseHeaders defines the list of headers to
                      copy from the authentication server response and set on forwarded
                      request, replacing any existing conflicting headers.
                    items:
                      type: string
                    type: array
                  authResponseHeadersRegex:
                    description: |-
                      AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
                      More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
                    type: string
                  tls:
                    description: TLS defines the configuration used to secure the
                      connection to the authentication server.
                    properties:
                      caOptional:
                        description: 'Deprecated: TLS client authentication is a server
                          side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).'
                        type: boolean
                      caSecret:
                        description: |-
                          CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
                          The CA certificate is extracted from key `tls.ca` or `ca.crt`.
                        type: string
                      certSecret:
                        description: |-
                          CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
                          The client certificate is extracted from the keys `tls.crt` and `tls.key`.
                        type: string
                      insecureSkipVerify:
                        description: InsecureSkipVerify defines whether the server
                          certificates should be validated.
                        type: boolean
                    type: object
                  trustForwardHeader:
                    description: 'TrustForwardHeader defines whether to trust (ie:
                      forward) all X-Forwarded-* headers.'
                    type: boolean
                type: object
              grpcWeb:
                description: |-
                  GrpcWeb holds the gRPC web middleware configuration.
                  This middleware converts a gRPC web request to an HTTP/2 gRPC request.
                properties:
                  allowOrigins:
                    description: |-
                      AllowOrigins is a list of allowable origins.
                      Can also be a wildcard origin "*".
                    items:
                      type: string
                    type: array
                type: object
              headers:
                description: |-
                  Headers holds the headers middleware configuration.
                  This middleware manages the requests and responses headers.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
                properties:
                  accessControlAllowCredentials:
                    description: AccessControlAllowCredentials defines whether the
                      request can include user credentials.
                    type: boolean
                  accessControlAllowHeaders:
                    description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
                      values sent in preflight response.
                    items:
                      type: string
                    type: array
                  accessControlAllowMethods:
                    description: AccessControlAllowMethods defines the Access-Control-Request-Method
                      values sent in preflight response.
                    items:
                      type: string
                    type: array
                  accessControlAllowOriginList:
                    description: AccessControlAllowOriginList is a list of allowable
                      origins. Can also be a wildcard origin "*".
                    items:
                      type: string
                    type: array
                  accessControlAllowOriginListRegex:
                    description: AccessControlAllowOriginListRegex is a list of allowable
                      origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
                    items:
                      type: string
                    type: array
                  accessControlExposeHeaders:
                    description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
                      values sent in preflight response.
                    items:
                      type: string
                    type: array
                  accessControlMaxAge:
                    description: AccessControlMaxAge defines the time that a preflight
                      request may be cached.
                    format: int64
                    type: integer
                  addVaryHeader:
                    description: AddVaryHeader defines whether the Vary header is
                      automatically added/updated when the AccessControlAllowOriginList
                      is set.
                    type: boolean
                  allowedHosts:
                    description: AllowedHosts defines the fully qualified list of
                      allowed domain names.
                    items:
                      type: string
                    type: array
                  browserXssFilter:
                    description: BrowserXSSFilter defines whether to add the X-XSS-Protection
                      header with the value 1; mode=block.
                    type: boolean
                  contentSecurityPolicy:
                    description: ContentSecurityPolicy defines the Content-Security-Policy
                      header value.
                    type: string
                  contentTypeNosniff:
                    description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
                      header with the nosniff value.
                    type: boolean
                  customBrowserXSSValue:
                    description: |-
                      CustomBrowserXSSValue defines the X-XSS-Protection header value.
                      This overrides the BrowserXssFilter option.
                    type: string
                  customFrameOptionsValue:
                    description: |-
                      CustomFrameOptionsValue defines the X-Frame-Options header value.
                      This overrides the FrameDeny option.
                    type: string
                  customRequestHeaders:
                    additionalProperties:
                      type: string
                    description: CustomRequestHeaders defines the header names and
                      values to apply to the request.
                    type: object
                  customResponseHeaders:
                    additionalProperties:
                      type: string
                    description: CustomResponseHeaders defines the header names and
                      values to apply to the response.
                    type: object
                  featurePolicy:
                    description: 'Deprecated: FeaturePolicy option is deprecated,
                      please use PermissionsPolicy instead.'
                    type: string
                  forceSTSHeader:
                    description: ForceSTSHeader defines whether to add the STS header
                      even when the connection is HTTP.
                    type: boolean
                  frameDeny:
                    description: FrameDeny defines whether to add the X-Frame-Options
                      header with the DENY value.
                    type: boolean
                  hostsProxyHeaders:
                    description: HostsProxyHeaders defines the header keys that may
                      hold a proxied hostname value for the request.
                    items:
                      type: string
                    type: array
                  isDevelopment:
                    description: |-
                      IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
                      Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
                      If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
                      and STS headers, leave this as false.
                    type: boolean
                  permissionsPolicy:
                    description: |-
                      PermissionsPolicy defines the Permissions-Policy header value.
                      This allows sites to control browser features.
                    type: string
                  publicKey:
                    description: PublicKey is the public key that implements HPKP
                      to prevent MITM attacks with forged certificates.
                    type: string
                  referrerPolicy:
                    description: |-
                      ReferrerPolicy defines the Referrer-Policy header value.
                      This allows sites to control whether browsers forward the Referer header to other sites.
                    type: string
                  sslForceHost:
                    description: 'Deprecated: SSLForceHost option is deprecated, please
                      use RedirectRegex instead.'
                    type: boolean
                  sslHost:
                    description: 'Deprecated: SSLHost option is deprecated, please
                      use RedirectRegex instead.'
                    type: string
                  sslProxyHeaders:
                    additionalProperties:
                      type: string
                    description: |-
                      SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
                      It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
                    type: object
                  sslRedirect:
                    description: 'Deprecated: SSLRedirect option is deprecated, please
                      use EntryPoint redirection or RedirectScheme instead.'
                    type: boolean
                  sslTemporaryRedirect:
                    description: 'Deprecated: SSLTemporaryRedirect option is deprecated,
                      please use EntryPoint redirection or RedirectScheme instead.'
                    type: boolean
                  stsIncludeSubdomains:
                    description: STSIncludeSubdomains defines whether the includeSubDomains
                      directive is appended to the Strict-Transport-Security header.
                    type: boolean
                  stsPreload:
                    description: STSPreload defines whether the preload flag is appended
                      to the Strict-Transport-Security header.
                    type: boolean
                  stsSeconds:
                    description: |-
                      STSSeconds defines the max-age of the Strict-Transport-Security header.
                      If set to 0, the header is not set.
                    format: int64
                    type: integer
                type: object
              inFlightReq:
                description: |-
                  InFlightReq holds the in-flight request middleware configuration.
                  This middleware limits the number of requests being processed and served concurrently.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
                properties:
                  amount:
                    description: |-
                      Amount defines the maximum amount of allowed simultaneous in-flight request.
                      The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
                    format: int64
                    type: integer
                  sourceCriterion:
                    description: |-
                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
                      If several strategies are defined at the same time, an error will be raised.
                      If none are set, the default is to use the requestHost.
                      More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
                    properties:
                      ipStrategy:
                        description: |-
                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
                          More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
                              header and take the IP located at the depth position
                              (starting from the right).
                            type: integer
                          excludedIPs:
                            description: ExcludedIPs configures Traefik to scan the
                              X-Forwarded-For header and select the first IP not in
                              the list.
                            items:
                              type: string
                            type: array
                        type: object
                      requestHeaderName:
                        description: RequestHeaderName defines the name of the header
                          used to group incoming requests.
                        type: string
                      requestHost:
                        description: RequestHost defines whether to consider the request
                          Host as the source.
                        type: boolean
                    type: object
                type: object
              ipAllowList:
                description: |-
                  IPAllowList holds the IP allowlist middleware configuration.
                  This middleware accepts / refuses requests based on the client IP.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
                properties:
                  ipStrategy:
                    description: |-
                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
                      More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
                    properties:
                      depth:
                        description: Depth tells Traefik to use the X-Forwarded-For
                          header and take the IP located at the depth position (starting
                          from the right).
                        type: integer
                      excludedIPs:
                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
                          header and select the first IP not in the list.
                        items:
                          type: string
                        type: array
                    type: object
                  rejectStatusCode:
                    description: |-
                      RejectStatusCode defines the HTTP status code used for refused requests.
                      If not set, the default is 403 (Forbidden).
                    type: integer
                  sourceRange:
                    description: SourceRange defines the set of allowed IPs (or ranges
                      of allowed IPs by using CIDR notation).
                    items:
                      type: string
                    type: array
                type: object
              ipWhiteList:
                description: 'Deprecated: please use IPAllowList instead.'
                properties:
                  ipStrategy:
                    description: |-
                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
                      More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
                    properties:
                      depth:
                        description: Depth tells Traefik to use the X-Forwarded-For
                          header and take the IP located at the depth position (starting
                          from the right).
                        type: integer
                      excludedIPs:
                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
                          header and select the first IP not in the list.
                        items:
                          type: string
                        type: array
                    type: object
                  sourceRange:
                    description: SourceRange defines the set of allowed IPs (or ranges
                      of allowed IPs by using CIDR notation).
                    items:
                      type: string
                    type: array
                type: object
              passTLSClientCert:
                description: |-
                  PassTLSClientCert holds the pass TLS client cert middleware configuration.
                  This middleware adds the selected data from the passed client TLS certificate to a header.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
                properties:
                  info:
                    description: Info selects the specific client certificate details
                      you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
                    properties:
                      issuer:
                        description: Issuer defines the client certificate issuer
                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
                        properties:
                          commonName:
                            description: CommonName defines whether to add the organizationalUnit
                              information into the issuer.
                            type: boolean
                          country:
                            description: Country defines whether to add the country
                              information into the issuer.
                            type: boolean
                          domainComponent:
                            description: DomainComponent defines whether to add the
                              domainComponent information into the issuer.
                            type: boolean
                          locality:
                            description: Locality defines whether to add the locality
                              information into the issuer.
                            type: boolean
                          organization:
                            description: Organization defines whether to add the organization
                              information into the issuer.
                            type: boolean
                          province:
                            description: Province defines whether to add the province
                              information into the issuer.
                            type: boolean
                          serialNumber:
                            description: SerialNumber defines whether to add the serialNumber
                              information into the issuer.
                            type: boolean
                        type: object
                      notAfter:
                        description: NotAfter defines whether to add the Not After
                          information from the Validity part.
                        type: boolean
                      notBefore:
                        description: NotBefore defines whether to add the Not Before
                          information from the Validity part.
                        type: boolean
                      sans:
                        description: Sans defines whether to add the Subject Alternative
                          Name information from the Subject Alternative Name part.
                        type: boolean
                      serialNumber:
                        description: SerialNumber defines whether to add the client
                          serialNumber information.
                        type: boolean
                      subject:
                        description: Subject defines the client certificate subject
                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
                        properties:
                          commonName:
                            description: CommonName defines whether to add the organizationalUnit
                              information into the subject.
                            type: boolean
                          country:
                            description: Country defines whether to add the country
                              information into the subject.
                            type: boolean
                          domainComponent:
                            description: DomainComponent defines whether to add the
                              domainComponent information into the subject.
                            type: boolean
                          locality:
                            description: Locality defines whether to add the locality
                              information into the subject.
                            type: boolean
                          organization:
                            description: Organization defines whether to add the organization
                              information into the subject.
                            type: boolean
                          organizationalUnit:
                            description: OrganizationalUnit defines whether to add
                              the organizationalUnit information into the subject.
                            type: boolean
                          province:
                            description: Province defines whether to add the province
                              information into the subject.
                            type: boolean
                          serialNumber:
                            description: SerialNumber defines whether to add the serialNumber
                              information into the subject.
                            type: boolean
                        type: object
                    type: object
                  pem:
                    description: PEM sets the X-Forwarded-Tls-Client-Cert header with
                      the certificate.
                    type: boolean
                type: object
              plugin:
                additionalProperties:
                  x-kubernetes-preserve-unknown-fields: true
                description: |-
                  Plugin defines the middleware plugin configuration.
                  More info: https://doc.traefik.io/traefik/plugins/
                type: object
              rateLimit:
                description: |-
                  RateLimit holds the rate limit configuration.
                  This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
                properties:
                  average:
                    description: |-
                      Average is the maximum rate, by default in requests/s, allowed for the given source.
                      It defaults to 0, which means no rate limiting.
                      The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
                      one needs to define a Period larger than a second.
                    format: int64
                    type: integer
                  burst:
                    description: |-
                      Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
                      It defaults to 1.
                    format: int64
                    type: integer
                  period:
                    anyOf:
                    - type: integer
                    - type: string
                    description: |-
                      Period, in combination with Average, defines the actual maximum rate, such as:
                      r = Average / Period. It defaults to a second.
                    x-kubernetes-int-or-string: true
                  sourceCriterion:
                    description: |-
                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
                      If several strategies are defined at the same time, an error will be raised.
                      If none are set, the default is to use the request's remote address field (as an ipStrategy).
                    properties:
                      ipStrategy:
                        description: |-
                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
                          More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
                              header and take the IP located at the depth position
                              (starting from the right).
                            type: integer
                          excludedIPs:
                            description: ExcludedIPs configures Traefik to scan the
                              X-Forwarded-For header and select the first IP not in
                              the list.
                            items:
                              type: string
                            type: array
                        type: object
                      requestHeaderName:
                        description: RequestHeaderName defines the name of the header
                          used to group incoming requests.
                        type: string
                      requestHost:
                        description: RequestHost defines whether to consider the request
                          Host as the source.
                        type: boolean
                    type: object
                type: object
              redirectRegex:
                description: |-
                  RedirectRegex holds the redirect regex middleware configuration.
                  This middleware redirects a request using regex matching and replacement.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
                      (301).
                    type: boolean
                  regex:
                    description: Regex defines the regex used to match and capture
                      elements from the request URL.
                    type: string
                  replacement:
                    description: Replacement defines how to modify the URL to have
                      the new target URL.
                    type: string
                type: object
              redirectScheme:
                description: |-
                  RedirectScheme holds the redirect scheme middleware configuration.
                  This middleware redirects requests from a scheme/port to another.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
                      (301).
                    type: boolean
                  port:
                    description: Port defines the port of the new URL.
                    type: string
                  scheme:
                    description: Scheme defines the scheme of the new URL.
                    type: string
                type: object
              replacePath:
                description: |-
                  ReplacePath holds the replace path middleware configuration.
                  This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
                properties:
                  path:
                    description: Path defines the path to use as replacement in the
                      request URL.
                    type: string
                type: object
              replacePathRegex:
                description: |-
                  ReplacePathRegex holds the replace path regex middleware configuration.
                  This middleware replaces the path of a URL using regex matching and replacement.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
                properties:
                  regex:
                    description: Regex defines the regular expression used to match
                      and capture the path from the request URL.
                    type: string
                  replacement:
                    description: Replacement defines the replacement path format,
                      which can include captured variables.
                    type: string
                type: object
              retry:
                description: |-
                  Retry holds the retry middleware configuration.
                  This middleware reissues requests a given number of times to a backend server if that server does not reply.
                  As soon as the server answers, the middleware stops retrying, regardless of the response status.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
                properties:
                  attempts:
                    description: Attempts defines how many times the request should
                      be retried.
                    type: integer
                  initialInterval:
                    anyOf:
                    - type: integer
                    - type: string
                    description: |-
                      InitialInterval defines the first wait time in the exponential backoff series.
                      The maximum interval is calculated as twice the initialInterval.
                      If unspecified, requests will be retried immediately.
                      The value of initialInterval should be provided in seconds or as a valid duration format,
                      see https://pkg.go.dev/time#ParseDuration.
                    x-kubernetes-int-or-string: true
                type: object
              stripPrefix:
                description: |-
                  StripPrefix holds the strip prefix middleware configuration.
                  This middleware removes the specified prefixes from the URL path.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
                properties:
                  forceSlash:
                    description: |-
                      Deprecated: ForceSlash option is deprecated, please remove any usage of this option.
                      ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
                      Default: true.
                    type: boolean
                  prefixes:
                    description: Prefixes defines the prefixes to strip from the request
                      URL.
                    items:
                      type: string
                    type: array
                type: object
              stripPrefixRegex:
                description: |-
                  StripPrefixRegex holds the strip prefix regex middleware configuration.
                  This middleware removes the matching prefixes from the URL path.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
                properties:
                  regex:
                    description: Regex defines the regular expression to match the
                      path prefix from the request URL.
                    items:
                      type: string
                    type: array
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/traefik.io_middlewaretcps.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: middlewaretcps.traefik.io
spec:
  group: traefik.io
  names:
    kind: MiddlewareTCP
    listKind: MiddlewareTCPList
    plural: middlewaretcps
    singular: middlewaretcp
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
          More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
            properties:
              inFlightConn:
                description: InFlightConn defines the InFlightConn middleware configuration.
                properties:
                  amount:
                    description: |-
                      Amount defines the maximum amount of allowed simultaneous connections.
                      The middleware closes the connection if there are already amount connections opened.
                    format: int64
                    type: integer
                type: object
              ipAllowList:
                description: |-
                  IPAllowList defines the IPAllowList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
                      allowed IPs by using CIDR notation).
                    items:
                      type: string
                    type: array
                type: object
              ipWhiteList:
                description: |-
                  IPWhiteList defines the IPWhiteList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
                  Deprecated: please use IPAllowList instead.
                  More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
                      allowed IPs by using CIDR notation).
                    items:
                      type: string
                    type: array
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/traefik.io_serverstransports.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: serverstransports.traefik.io
spec:
  group: traefik.io
  names:
    kind: ServersTransport
    listKind: ServersTransportList
    plural: serverstransports
    singular: serverstransport
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          ServersTransport is the CRD implementation of a ServersTransport.
          If no serversTransport is specified, the default@internal will be used.
          The default@internal serversTransport is created from the static configuration.
          More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ServersTransportSpec defines the desired state of a ServersTransport.
            properties:
              certificatesSecrets:
                description: CertificatesSecrets defines a list of secret storing
                  client certificates for mTLS.
                items:
                  type: string
                type: array
              disableHTTP2:
                description: DisableHTTP2 disables HTTP/2 for connections with backend
                  servers.
                type: boolean
              forwardingTimeouts:
                description: ForwardingTimeouts defines the timeouts for requests
                  forwarded to the backend servers.
                properties:
                  dialTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: DialTimeout is the amount of time to wait until a
                      connection to a backend server can be established.
                    x-kubernetes-int-or-string: true
                  idleConnTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: IdleConnTimeout is the maximum period for which an
                      idle HTTP keep-alive connection will remain open before closing
                      itself.
                    x-kubernetes-int-or-string: true
                  pingTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: PingTimeout is the timeout after which the HTTP/2
                      connection will be closed if a response to ping is not received.
                    x-kubernetes-int-or-string: true
                  readIdleTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: ReadIdleTimeout is the timeout after which a health
                      check using ping frame will be carried out if no frame is received
                      on the HTTP/2 connection.
                    x-kubernetes-int-or-string: true
                  responseHeaderTimeout:
                    anyOf:
                    - type: integer
                    - type: string
                    description: ResponseHeaderTimeout is the amount of time to wait
                      for a server's response headers after fully writing the request
                      (including its body, if any).
                    x-kubernetes-int-or-string: true
                type: object
              insecureSkipVerify:
                description: InsecureSkipVerify disables SSL certificate verification.
                type: boolean
              maxIdleConnsPerHost:
                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
                  to keep per-host.
                type: integer
              peerCertURI:
                description: PeerCertURI defines the peer cert URI used to match against
                  SAN URI during the peer certificate verification.
                type: string
              rootCAsSecrets:
                description: RootCAsSecrets defines a list of CA secret used to validate
                  self-signed certificate.
                items:
                  type: string
                type: array
              serverName:
                description: ServerName defines the server name used to contact the
                  server.
                type: string
              spiffe:
                description: Spiffe defines the SPIFFE configuration.
                properties:
                  ids:
                    description: IDs defines the allowed SPIFFE IDs (takes precedence
                      over the SPIFFE TrustDomain).
                    items:
                      type: string
                    type: array
                  trustDomain:
                    description: TrustDomain defines the allowed SPIFFE trust domain.
                    type: string
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/traefik.io_serverstransporttcps.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: serverstransporttcps.traefik.io
spec:
  group: traefik.io
  names:
    kind: ServersTransportTCP
    listKind: ServersTransportTCPList
    plural: serverstransporttcps
    singular: serverstransporttcp
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          ServersTransportTCP is the CRD implementation of a TCPServersTransport.
          If no tcpServersTransport is specified, a default one named default@internal will be used.
          The default@internal tcpServersTransport can be configured in the static configuration.
          More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ServersTransportTCPSpec defines the desired state of a ServersTransportTCP.
            properties:
              dialKeepAlive:
                anyOf:
                - type: integer
                - type: string
                description: DialKeepAlive is the interval between keep-alive probes
                  for an active network connection. If zero, keep-alive probes are
                  sent with a default value (currently 15 seconds), if supported by
                  the protocol and operating system. Network protocols or operating
                  systems that do not support keep-alives ignore this field. If negative,
                  keep-alive probes are disabled.
                x-kubernetes-int-or-string: true
              dialTimeout:
                anyOf:
                - type: integer
                - type: string
                description: DialTimeout is the amount of time to wait until a connection
                  to a backend server can be established.
                x-kubernetes-int-or-string: true
              terminationDelay:
                anyOf:
                - type: integer
                - type: string
                description: TerminationDelay defines the delay to wait before fully
                  terminating the connection, after one connected peer has closed
                  its writing capability.
                x-kubernetes-int-or-string: true
              tls:
                description: TLS defines the TLS configuration
                properties:
                  certificatesSecrets:
                    description: CertificatesSecrets defines a list of secret storing
                      client certificates for mTLS.
                    items:
                      type: string
                    type: array
                  insecureSkipVerify:
                    description: InsecureSkipVerify disables TLS certificate verification.
                    type: boolean
                  peerCertURI:
                    description: |-
                      MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.
                      PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification.
                    type: string
                  rootCAsSecrets:
                    description: RootCAsSecrets defines a list of CA secret used to
                      validate self-signed certificates.
                    items:
                      type: string
                    type: array
                  serverName:
                    description: ServerName defines the server name used to contact
                      the server.
                    type: string
                  spiffe:
                    description: Spiffe defines the SPIFFE configuration.
                    properties:
                      ids:
                        description: IDs defines the allowed SPIFFE IDs (takes precedence
                          over the SPIFFE TrustDomain).
                        items:
                          type: string
                        type: array
                      trustDomain:
                        description: TrustDomain defines the allowed SPIFFE trust
                          domain.
                        type: string
                    type: object
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/traefik.io_tlsoptions.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: tlsoptions.traefik.io
spec:
  group: traefik.io
  names:
    kind: TLSOption
    listKind: TLSOptionList
    plural: tlsoptions
    singular: tlsoption
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
          More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: TLSOptionSpec defines the desired state of a TLSOption.
            properties:
              alpnProtocols:
                description: |-
                  ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
                  More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols
                items:
                  type: string
                type: array
              cipherSuites:
                description: |-
                  CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
                  More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites
                items:
                  type: string
                type: array
              clientAuth:
                description: ClientAuth defines the server's policy for TLS Client
                  Authentication.
                properties:
                  clientAuthType:
                    description: ClientAuthType defines the client authentication
                      type to apply.
                    enum:
                    - NoClientCert
                    - RequestClientCert
                    - RequireAnyClientCert
                    - VerifyClientCertIfGiven
                    - RequireAndVerifyClientCert
                    type: string
                  secretNames:
                    description: SecretNames defines the names of the referenced Kubernetes
                      Secret storing certificate details.
                    items:
                      type: string
                    type: array
                type: object
              curvePreferences:
                description: |-
                  CurvePreferences defines the preferred elliptic curves in a specific order.
                  More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences
                items:
                  type: string
                type: array
              maxVersion:
                description: |-
                  MaxVersion defines the maximum TLS version that Traefik will accept.
                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
                  Default: None.
                type: string
              minVersion:
                description: |-
                  MinVersion defines the minimum TLS version that Traefik will accept.
                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
                  Default: VersionTLS10.
                type: string
              preferServerCipherSuites:
                description: |-
                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                  It is enabled automatically when minVersion or maxVersion is set.
                  Deprecated: https://github.com/golang/go/issues/45430
                type: boolean
              sniStrict:
                description: SniStrict defines whether Traefik allows connections
                  from clients connections that do not specify a server_name extension.
                type: boolean
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/traefik.io_tlsstores.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: tlsstores.traefik.io
spec:
  group: traefik.io
  names:
    kind: TLSStore
    listKind: TLSStoreList
    plural: tlsstores
    singular: tlsstore
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          TLSStore is the CRD implementation of a Traefik TLS Store.
          For the time being, only the TLSStore named default is supported.
          This means that you cannot have two stores that are named default in different Kubernetes namespaces.
          More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: TLSStoreSpec defines the desired state of a TLSStore.
            properties:
              certificates:
                description: Certificates is a list of secret names, each secret holding
                  a key/certificate pair to add to the store.
                items:
                  description: Certificate holds a secret name for the TLSStore resource.
                  properties:
                    secretName:
                      description: SecretName is the name of the referenced Kubernetes
                        Secret to specify the certificate details.
                      type: string
                  required:
                  - secretName
                  type: object
                type: array
              defaultCertificate:
                description: DefaultCertificate defines the default certificate configuration.
                properties:
                  secretName:
                    description: SecretName is the name of the referenced Kubernetes
                      Secret to specify the certificate details.
                    type: string
                required:
                - secretName
                type: object
              defaultGeneratedCert:
                description: DefaultGeneratedCert defines the default generated certificate
                  configuration.
                properties:
                  domain:
                    description: Domain is the domain definition for the DefaultCertificate.
                    properties:
                      main:
                        description: Main defines the main domain name.
                        type: string
                      sans:
                        description: SANs defines the subject alternative domain names.
                        items:
                          type: string
                        type: array
                    type: object
                  resolver:
                    description: Resolver is the name of the resolver that will be
                      used to issue the DefaultCertificate.
                    type: string
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true

---
# Source: traefik/crds/traefik.io_traefikservices.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: traefikservices.traefik.io
spec:
  group: traefik.io
  names:
    kind: TraefikService
    listKind: TraefikServiceList
    plural: traefikservices
    singular: traefikservice
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: |-
          TraefikService is the CRD implementation of a Traefik Service.
          TraefikService object allows to:
          - Apply weight to Services on load-balancing
          - Mirror traffic on services
          More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: TraefikServiceSpec defines the desired state of a TraefikService.
            properties:
              mirroring:
                description: Mirroring defines the Mirroring service configuration.
                properties:
                  kind:
                    description: Kind defines the kind of the Service.
                    enum:
                    - Service
                    - TraefikService
                    type: string
                  maxBodySize:
                    description: |-
                      MaxBodySize defines the maximum size allowed for the body of the request.
                      If the body is larger, the request is not mirrored.
                      Default value is -1, which means unlimited size.
                    format: int64
                    type: integer
                  mirrors:
                    description: Mirrors defines the list of mirrors where Traefik
                      will duplicate the traffic.
                    items:
                      description: MirrorService holds the mirror configuration.
                      properties:
                        kind:
                          description: Kind defines the kind of the Service.
                          enum:
                          - Service
                          - TraefikService
                          type: string
                        name:
                          description: |-
                            Name defines the name of the referenced Kubernetes Service or TraefikService.
                            The differentiation between the two is specified in the Kind field.
                          type: string
                        namespace:
                          description: Namespace defines the namespace of the referenced
                            Kubernetes Service or TraefikService.
                          type: string
                        nativeLB:
                          description: |-
                            NativeLB controls, when creating the load-balancer,
                            whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
                            The Kubernetes Service itself does load-balance to the pods.
                            By default, NativeLB is false.
                          type: boolean
                        passHostHeader:
                          description: |-
                            PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                            By default, passHostHeader is true.
                          type: boolean
                        percent:
                          description: |-
                            Percent defines the part of the traffic to mirror.
                            Supported values: 0 to 100.
                          type: integer
                        port:
                          anyOf:
                          - type: integer
                          - type: string
                          description: |-
                            Port defines the port of a Kubernetes Service.
                            This can be a reference to a named port.
                          x-kubernetes-int-or-string: true
                        responseForwarding:
                          description: ResponseForwarding defines how Traefik forwards
                            the response from the upstream Kubernetes Service to the
                            client.
                          properties:
                            flushInterval:
                              description: |-
                                FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
                                A negative value means to flush immediately after each write to the client.
                                This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
                                for such responses, writes are flushed to the client immediately.
                                Default: 100ms
                              type: string
                          type: object
                        scheme:
                          description: |-
                            Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
                            It defaults to https when Kubernetes Service port is 443, http otherwise.
                          type: string
                        serversTransport:
                          description: |-
                            ServersTransport defines the name of ServersTransport resource to use.
                            It allows to configure the transport between Traefik and your servers.
                            Can only be used on a Kubernetes Service.
                          type: string
                        sticky:
                          description: |-
                            Sticky defines the sticky sessions configuration.
                            More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
                              properties:
                                httpOnly:
                                  description: HTTPOnly defines whether the cookie
                                    can be accessed by client-side APIs, such as JavaScript.
                                  type: boolean
                                maxAge:
                                  description: |-
                                    MaxAge indicates the number of seconds until the cookie expires.
                                    When set to a negative number, the cookie expires immediately.
                                    When set to zero, the cookie never expires.
                                  type: integer
                                name:
                                  description: Name defines the Cookie name.
                                  type: string
                                sameSite:
                                  description: |-
                                    SameSite defines the same site policy.
                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                  type: string
                                secure:
                                  description: Secure defines whether the cookie can
                                    only be transmitted over an encrypted connection
                                    (i.e. HTTPS).
                                  type: boolean
                              type: object
                          type: object
                        strategy:
                          description: |-
                            Strategy defines the load balancing strategy between the servers.
                            RoundRobin is the only supported value at the moment.
                          type: string
                        weight:
                          description: |-
                            Weight defines the weight and should only be specified when Name references a TraefikService object
                            (and to be precise, one that embeds a Weighted Round Robin).
                          type: integer
                      required:
                      - name
                      type: object
                    type: array
                  name:
                    description: |-
                      Name defines the name of the referenced Kubernetes Service or TraefikService.
                      The differentiation between the two is specified in the Kind field.
                    type: string
                  namespace:
                    description: Namespace defines the namespace of the referenced
                      Kubernetes Service or TraefikService.
                    type: string
                  nativeLB:
                    description: |-
                      NativeLB controls, when creating the load-balancer,
                      whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
                      The Kubernetes Service itself does load-balance to the pods.
                      By default, NativeLB is false.
                    type: boolean
                  passHostHeader:
                    description: |-
                      PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                      By default, passHostHeader is true.
                    type: boolean
                  port:
                    anyOf:
                    - type: integer
                    - type: string
                    description: |-
                      Port defines the port of a Kubernetes Service.
                      This can be a reference to a named port.
                    x-kubernetes-int-or-string: true
                  responseForwarding:
                    description: ResponseForwarding defines how Traefik forwards the
                      response from the upstream Kubernetes Service to the client.
                    properties:
                      flushInterval:
                        description: |-
                          FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
                          A negative value means to flush immediately after each write to the client.
                          This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
                          for such responses, writes are flushed to the client immediately.
                          Default: 100ms
                        type: string
                    type: object
                  scheme:
                    description: |-
                      Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
                      It defaults to https when Kubernetes Service port is 443, http otherwise.
                    type: string
                  serversTransport:
                    description: |-
                      ServersTransport defines the name of ServersTransport resource to use.
                      It allows to configure the transport between Traefik and your servers.
                      Can only be used on a Kubernetes Service.
                    type: string
                  sticky:
                    description: |-
                      Sticky defines the sticky sessions configuration.
                      More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
                        properties:
                          httpOnly:
                            description: HTTPOnly defines whether the cookie can be
                              accessed by client-side APIs, such as JavaScript.
                            type: boolean
                          maxAge:
                            description: |-
                              MaxAge indicates the number of seconds until the cookie expires.
                              When set to a negative number, the cookie expires immediately.
                              When set to zero, the cookie never expires.
                            type: integer
                          name:
                            description: Name defines the Cookie name.
                            type: string
                          sameSite:
                            description: |-
                              SameSite defines the same site policy.
                              More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                            type: string
                          secure:
                            description: Secure defines whether the cookie can only
                              be transmitted over an encrypted connection (i.e. HTTPS).
                            type: boolean
                        type: object
                    type: object
                  strategy:
                    description: |-
                      Strategy defines the load balancing strategy between the servers.
                      RoundRobin is the only supported value at the moment.
                    type: string
                  weight:
                    description: |-
                      Weight defines the weight and should only be specified when Name references a TraefikService object
                      (and to be precise, one that embeds a Weighted Round Robin).
                    type: integer
                required:
                - name
                type: object
              weighted:
                description: Weighted defines the Weighted Round Robin configuration.
                properties:
                  services:
                    description: Services defines the list of Kubernetes Service and/or
                      TraefikService to load-balance, with weight.
                    items:
                      description: Service defines an upstream HTTP service to proxy
                        traffic to.
                      properties:
                        kind:
                          description: Kind defines the kind of the Service.
                          enum:
                          - Service
                          - TraefikService
                          type: string
                        name:
                          description: |-
                            Name defines the name of the referenced Kubernetes Service or TraefikService.
                            The differentiation between the two is specified in the Kind field.
                          type: string
                        namespace:
                          description: Namespace defines the namespace of the referenced
                            Kubernetes Service or TraefikService.
                          type: string
                        nativeLB:
                          description: |-
                            NativeLB controls, when creating the load-balancer,
                            whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
                            The Kubernetes Service itself does load-balance to the pods.
                            By default, NativeLB is false.
                          type: boolean
                        passHostHeader:
                          description: |-
                            PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                            By default, passHostHeader is true.
                          type: boolean
                        port:
                          anyOf:
                          - type: integer
                          - type: string
                          description: |-
                            Port defines the port of a Kubernetes Service.
                            This can be a reference to a named port.
                          x-kubernetes-int-or-string: true
                        responseForwarding:
                          description: ResponseForwarding defines how Traefik forwards
                            the response from the upstream Kubernetes Service to the
                            client.
                          properties:
                            flushInterval:
                              description: |-
                                FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
                                A negative value means to flush immediately after each write to the client.
                                This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
                                for such responses, writes are flushed to the client immediately.
                                Default: 100ms
                              type: string
                          type: object
                        scheme:
                          description: |-
                            Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
                            It defaults to https when Kubernetes Service port is 443, http otherwise.
                          type: string
                        serversTransport:
                          description: |-
                            ServersTransport defines the name of ServersTransport resource to use.
                            It allows to configure the transport between Traefik and your servers.
                            Can only be used on a Kubernetes Service.
                          type: string
                        sticky:
                          description: |-
                            Sticky defines the sticky sessions configuration.
                            More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
                              properties:
                                httpOnly:
                                  description: HTTPOnly defines whether the cookie
                                    can be accessed by client-side APIs, such as JavaScript.
                                  type: boolean
                                maxAge:
                                  description: |-
                                    MaxAge indicates the number of seconds until the cookie expires.
                                    When set to a negative number, the cookie expires immediately.
                                    When set to zero, the cookie never expires.
                                  type: integer
                                name:
                                  description: Name defines the Cookie name.
                                  type: string
                                sameSite:
                                  description: |-
                                    SameSite defines the same site policy.
                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                  type: string
                                secure:
                                  description: Secure defines whether the cookie can
                                    only be transmitted over an encrypted connection
                                    (i.e. HTTPS).
                                  type: boolean
                              type: object
                          type: object
                        strategy:
                          description: |-
                            Strategy defines the load balancing strategy between the servers.
                            RoundRobin is the only supported value at the moment.
                          type: string
                        weight:
                          description: |-
                            Weight defines the weight and should only be specified when Name references a TraefikService object
                            (and to be precise, one that embeds a Weighted Round Robin).
                          type: integer
                      required:
                      - name
                      type: object
                    type: array
                  sticky:
                    description: |-
                      Sticky defines whether sticky sessions are enabled.
                      More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
                        properties:
                          httpOnly:
                            description: HTTPOnly defines whether the cookie can be
                              accessed by client-side APIs, such as JavaScript.
                            type: boolean
                          maxAge:
                            description: |-
                              MaxAge indicates the number of seconds until the cookie expires.
                              When set to a negative number, the cookie expires immediately.
                              When set to zero, the cookie never expires.
                            type: integer
                          name:
                            description: Name defines the Cookie name.
                            type: string
                          sameSite:
                            description: |-
                              SameSite defines the same site policy.
                              More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                            type: string
                          secure:
                            description: Secure defines whether the cookie can only
                              be transmitted over an encrypted connection (i.e. HTTPS).
                            type: boolean
                        type: object
                    type: object
                type: object
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true